EP2810418B1 - Group based bootstrapping in machine type communication - Google Patents
Group based bootstrapping in machine type communication Download PDFInfo
- Publication number
- EP2810418B1 EP2810418B1 EP12867499.1A EP12867499A EP2810418B1 EP 2810418 B1 EP2810418 B1 EP 2810418B1 EP 12867499 A EP12867499 A EP 12867499A EP 2810418 B1 EP2810418 B1 EP 2810418B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- group
- key
- session identification
- devices
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Links
- 238000004891 communication Methods 0.000 title claims description 54
- 238000000034 method Methods 0.000 claims description 49
- 239000000463 material Substances 0.000 claims description 35
- 238000012545 processing Methods 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 2
- 230000006870 function Effects 0.000 description 24
- 238000010586 diagram Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 9
- 230000011664 signaling Effects 0.000 description 8
- 230000007246 mechanism Effects 0.000 description 6
- 230000000977 initiatory effect Effects 0.000 description 5
- 238000005457 optimization Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004846 x-ray emission Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/065—Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/76—Group identity
Definitions
- the present invention relates to group based bootstrapping in machine type communication.
- GBA is standardized to enable network applications and end user side building a shared session secret in order to meet the requirement of secure communication. Technical details are described in [3]. In brief, GBA describes security features and a mechanism to bootstrap authentication and key agreement for application security from 3GPP AKA mechanism described in [4].
- MTC devices In M2M environment, because the number of MTC devices may be in an order of 100 or 1000 of current end users of mobile phones, the MTC devices are usually grouped together for control, management or data convergence, etc. to meet the need of a variety of applications. Group based optimization techniques are described in [1] and [2].
- a shared group session key may be needed for the network application to achieve secure group communication.
- each may need to communicate with the network application individually, and so an independent session key for each device may be also needed.
- GBA can not establish a session key which is shared in all group members since GBA does not support group attribute.
- the other problem is that even if GBA is used to establish session keys between the devices of the group and the network application individually, a plurality of messages is exchanged between them, the number of the messages depending on the number of the group members. This results in low efficiency.
- DH Diffie-Hellman
- MITM Man-In-The-Middle
- Some solutions are deployed which combine PKI (Public-Key-Infrastructure)/certificate and group based key exchange methods to achieve secure group communication.
- the disadvantage is that the cost of deployment is relatively high.
- Another disadvantage is that the implementation is complex and difficult because the PKI system can only be used to authenticate end-to-end, so if supporting group features, some additional process related to a group, e.g. verification of a group member, has to be added at the application layer.
- the invention aims at solving the above-stated problems.
- the invention aims at providing an improved GBA mechanism which can cope with group based optimization of MTC devices.
- GBA has some strong points regarding establishing a shared secret between applications and end devices.
- One is that there is no need for user enrolment phase or secure deployment of keys/certificates, making this solution a low cost one when compared to PKI.
- the second is the ease with which an authentication method may be integrated into terminals and service providers, as it may be based on HTTP "Digest access authentication”.
- usage of GBA is extended to M2M environment, and resources from application layer to network layer can be saved by using this kind of group featured GBA when the number of MTC devices is large.
- the invention proposes enhancing a GBA mechanism used in 3G network to enable network application functions and MTC devices establishing shared keys in the granularity of a group. This is useful in M2M environment where a large number of M2M devices are controlled/managed in groups by network application functions.
- the invention supposes that group information is pre-configured on application layer, for example, a group identity and an identity of a member who belongs to the group are deployed before the procedures involved in this invention.
- Fig. 1 shows a schematic block diagram illustrating a system architecture of GBA extended to M2M environment according to an embodiment of the invention.
- Devices shown in Fig. 1 and a gateway form a group of MTC devices, i.e. are member devices of the group.
- the gateway performs authentication and key agreement procedure for the group.
- the interface between the devices and the gateway is implemented by private communication protocol, e.g. ZigBee, WiFi.
- the gateway communicates with a BSF via Ub interface, and with an NAF via Ua interface.
- the BSF communications with the NAF via Zn interface, and with an HLR or HSS via Zh' interface.
- initiation of bootstrapping requires that the gateway first agrees whether to use the group based GBA on behalf of all group members.
- Fig. 2 shows a signalling diagram illustrating initiation of bootstrapping. This high-level procedure is comprised of the following steps:
- the member device Upon receipt of the bootstrapping initiation required message, the member device should perform bootstrapping authentication procedure which is shown in Fig. 3 .
- the bootstrapping authentication procedure is comprised of the following steps:
- TOKEN is a random number which is like RAND in AV used in the computation of key materials and also used to prevent replay attack.
- K_g is an intermediate group key which is used to verify AUTN and RES.
- Ks_g is a shared session group key generated from authentication and key agreement procedure. Usually it can be divided into two key parts: one is for confidentiality protection and the other is for integrity protection.
- Ks is a shared session key generated from authentication and key agreement procedure between member devices and BSF. Usually it can be divided into two key parts: one is for confidentiality protection and the other is for integrity protection.
- GB-TID is similar to B-TID in GBA, and identifies the session of this group based GBA procedure. GB-TID is introduced to identify the group based GBA procedure, which is dedicated to the group case request.
- the group based GBA usage procedure shown in Fig. 4 is comprised of the following steps:
- the HSS/HLR then generates a fresh sequence number SQN and an unpredictable challenge RAND, then generates other components of AV using K_g as the input key parameter of all AKA functions as illustrated in Fig. 5 .
- the HSS/HLR also computes CK_ind, IK_ind (i.e. Ks) for all group member devices, where:
- the HSS/HLR computes a group key (intermediate group key) K_g based on unique identifications of each member device of a group of machine type communication devices, and a serial of individual keys for each member device of the group.
- the gateway computes the group key K_g, and also a group key Ks_g (shared session group key) based on the key material Km_i from the member devices of the group which is derived from the initial secret K_i (unique identification) of the member devices.
- the BSF receives the authentication vector, a serial of individual keys Ks for the member devices and devices/gateway profiles from the HSS/HLR.
- the BSF may comprise processing resources, memory resources and interfaces for performing the receiving process.
- the HSS/HLR When the HSS/HLR recognizes that a request has been received from a member device of the group which acts as a gateway device performing authentication and key agreement procedure for the group (the gateway in Fig. 3 ), the computing of the group key is performed in response to the request.
- the HSS/HLR computes an authentication vector from the group key and sends the authentication vector and a random value to a service function (BSF).
- BSF service function
- the HSS/HLR may comprise processing resources, memory resources and interfaces for performing the above-described processes of computing, recognizing and sending.
- the gateway sends a random value (TOKEN) to the other member devices of the group, the random value being generated in the context of the authentication vector computed from the group key, and receives key materials from the member devices computed based on the random value and the unique identifications of the member devices in step 6.
- the gateway computes the group key from the key materials of the member devices and the unique identification of the gateway device (step 7.).
- the gateway sends the group key and the session identification of the group to the member devices (step 11.).
- the gateway computes its individual key from the group key. Further, the gateway generates its session identification based on the session identification of the group and its unique identification.
- the gateway may comprise processing resources, memory resources and interfaces for performing the sending, receiving, generating and computing processes.
- Each of the devices computes the key material based on the random value, sends the key material to the gateway, and receives the group key and the session identification of the group from the gateway.
- Each of the devices computes its individual key from the group key.
- each of the devices generates its session identification based on the session identification of the group and its unique identification.
- Each of the devices may comprise processing resources, memory resources and interfaces for performing the processes of receiving, sending, generating and computing.
- the (group based) GBA parameters may be instantiated differently according to multiple options. Now three optional implementations of using these parameters (e.g. GB-TID, B-TID) are described.
- Fig. 7 illustrates a secure group communication usage flow between device/gateway, NAF and BSF according to option 1.
- the NAF and member devices want to securely communicate with each other in the granularity of group. This option is useful for updating sensitive data involving all group members.
- the NAF wants to securely communicate with all group members at the same time, meanwhile the NAF also has the capability of secure communication respectively with individual members of the group.
- the implementation usage flow is shown in Figure 8 .
- the first request should be initiated by the gateway.
- the gateway can compute and store all B-TID through GB-TID by means of a one-way function using a device related identity (e.g. manufacture serial number of each member device) as input. It is supposed that the gateway and BSF know these identities of all member devices before this procedure. In an option 3, the NAF only wants to securely communicate with a respective individual member device.
- the implementation flow is shown in Fig. 9 and corresponds to usual GBA.
- the first request should be initiated by a device.
- the B-TID is generated from GB-TID and the unique device identity by means of a one-way function.
- the computation of B-TID can be done respectively by BSF and member devices.
- communication with a network application function is performed by a member device (device/gateway) by using a session identification of the group (e.g. GB-TID), and/or by using a session identification of a member device of the group (e.g. B-TID), generated based on the session identification of the group and the unique device identity.
- a session identification of the group e.g. GB-TID
- a session identification of a member device of the group e.g. B-TID
- the gateway may first locate the index of the failure member device and send an error message including the index of the failure member device to the BSF, which then terminates the current group base bootstrapping process. A restart of the process depends on a request of the gateway.
- Fig. 10 illustrates this scenario.
- steps 1. to 5. correspond to those of Fig. 3 .
- the gateway detects a key material error and locates an erroneous member device of the group involving the key material error.
- the gateway sends an error message indicating the erroneous member device to the service function (BSF).
- BSF service function
- the processing resources, memory resources and interfaces of the gateway may operate to perform the processes of detecting, locating and sending.
- this invention extends the mutual authentication to all member MTC devices in the group, because the AV computation involves the initial secrets owned by each participated member MTC device who wants to authenticate to the network. It makes sure that all participated devices can be authenticated by the network simultaneously. If anyone of the member MTC devices/gateway in the group is illegal or does not know the initial secret, then the authentication must fail.
- the member MTC devices can authenticate the network by verifying the AUTN since it only can be done when the MTC gateway has received all key materials. So the authentication of the network is done by all member MTC devices of the group, and the member MTC devices of the group must trust the result of the MTC gateway.
- the exchanged messages are reduced to 1/N.
- a group key Ks_g is built and shared among member MTC devices, MTC gateway and the NAF, for the purpose of confidential and integrity protection of the communication within the group.
- an individual key Ks is built between each member MTC device and the NAF, for the purpose of confidential and integrity protection of the communication between individual member devices and the NAF.
- GBA is extended to support establishment of a group shared session key while individual session keys are also supported.
- the simultaneous authentication and key establishment of group devices does not lead to message exploding. Rather, it keeps the same number of messages as the original GBA.
- the apparatus in case it acts as an HSS/HLR, for example, may comprise means for recognizing that a request has been received from a member device of the group which acts as a gateway device performing authentication and key agreement procedure for the group, wherein the computing means perform computing of the group key in response to the request, and the computing means compute an authentication vector from the group key and a serial of individual keys for each member device of the group, and means for sending the authentication vector, the individual keys and a random value to a service function.
- the apparatus in case it acts as a gateway, for example, may comprise means for sending a random value to member devices of the group not acting as the gateway device performing authentication and key agreement procedure for the group, wherein the random value is generated in the context of an authentication vector computed from the group key, and means for receiving key materials from the member devices computed based on the random value and the unique identifications of the member devices, wherein the computing means compute the group key from the key materials of the member devices and the unique identification of the gateway device.
- the sending means may send the group key and the session identification of the group to the member devices.
- the apparatus may comprise means for detecting a key material error and means for locating an erroneous member device of the group involving the key material error, and the sending means may send an error message indicating the erroneous member device to the service function.
- the sending means may send an application request for communication with the application network function, the application request including the session identification of the group and/or the session identification of the member device.
- the apparatus in case it acts as a BSF, for example, may comprise means for receiving a serial of individual keys for each members device of the group.
- the above means may be implemented by processing resources, memory resources and interfaces of the apparatus.
- an apparatus such as a member device of a group of machine type communication devices, comprises means for computing a key material based on a random value which is generated in the context of an authentication vector computed from a group key and a unique identification of the apparatus, means for sending the key material to a member device of the group which acts as a gateway device performing authentication and key agreement procedure for the group, and means for receiving the group key and a session identification of the group from the gateway device, wherein the computing means compute an individual key of the apparatus from the group key, and wherein communication with a network application function is performed by using the session identification of the group, and/or by using a session identification of the apparatus, generated based on the session identification of the group and the unique identification of the apparatus.
- the sending means may send an application request for communication with the application network function, the application request including the session identification of the group or the session identification of the apparatus.
- the above means may be implemented by processing resources, memory resources and interfaces of the apparatus.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2012/070845 WO2013113162A1 (en) | 2012-02-02 | 2012-02-02 | Group based bootstrapping in machine type communication |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2810418A1 EP2810418A1 (en) | 2014-12-10 |
EP2810418A4 EP2810418A4 (en) | 2015-10-28 |
EP2810418B1 true EP2810418B1 (en) | 2018-11-07 |
Family
ID=48904373
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP12867499.1A Not-in-force EP2810418B1 (en) | 2012-02-02 | 2012-02-02 | Group based bootstrapping in machine type communication |
Country Status (5)
Country | Link |
---|---|
US (1) | US9654284B2 (zh) |
EP (1) | EP2810418B1 (zh) |
KR (1) | KR101626453B1 (zh) |
CN (1) | CN104145465B (zh) |
WO (1) | WO2013113162A1 (zh) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10178528B2 (en) * | 2012-07-27 | 2019-01-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Device connectivity management for machine type communications |
JP6364069B2 (ja) * | 2013-05-06 | 2018-07-25 | コンヴィーダ ワイヤレス, エルエルシー | デバイストリガ |
EP3028431A1 (en) * | 2013-07-31 | 2016-06-08 | Nec Corporation | Devices and method for mtc group key management |
GB2518254B (en) * | 2013-09-13 | 2020-12-16 | Vodafone Ip Licensing Ltd | Communicating with a machine to machine device |
CN104581704B (zh) * | 2013-10-25 | 2019-09-24 | 中兴通讯股份有限公司 | 一种实现机器类通信设备间安全通信的方法及网络实体 |
US10601815B2 (en) | 2013-11-15 | 2020-03-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and devices for bootstrapping of resource constrained devices |
CN104661171B (zh) * | 2013-11-25 | 2020-02-28 | 中兴通讯股份有限公司 | 一种用于mtc设备组的小数据安全传输方法和系统 |
EP3195642B1 (en) * | 2014-09-05 | 2023-03-22 | Telefonaktiebolaget LM Ericsson (publ) | Interworking and integration of different radio access networks |
JPWO2016132719A1 (ja) * | 2015-02-16 | 2017-12-28 | 日本電気株式会社 | 通信システム、ノード装置、通信端末、及びキー管理方法 |
CN106162515B (zh) * | 2015-04-14 | 2020-07-07 | 中兴通讯股份有限公司 | 一种机器类通信安全通信的方法、装置和系统 |
WO2016172492A1 (en) * | 2015-04-24 | 2016-10-27 | Pcms Holdings, Inc. | Systems, methods, and devices for device credential protection |
US10142819B2 (en) | 2015-07-29 | 2018-11-27 | Blackberry Limited | Establishing machine type communications |
US10615844B2 (en) * | 2016-03-15 | 2020-04-07 | Huawei Technologies Co., Ltd. | System and method for relaying data over a communication network |
US10542570B2 (en) * | 2016-03-15 | 2020-01-21 | Huawei Technologies Co., Ltd. | System and method for relaying data over a communication network |
US10887295B2 (en) * | 2016-10-26 | 2021-01-05 | Futurewei Technologies, Inc. | System and method for massive IoT group authentication |
TWI625977B (zh) * | 2016-11-15 | 2018-06-01 | 艾瑞得科技股份有限公司 | 用以認證通訊裝置下階群組之方法 |
US11122406B2 (en) * | 2017-03-10 | 2021-09-14 | Kyocera Corporation | Bulk RACH machine type communication (MTC) transmissions |
CN110830240B (zh) * | 2018-08-09 | 2023-02-24 | 阿里巴巴集团控股有限公司 | 一种终端与服务器的通信方法和装置 |
GB2579574B (en) * | 2018-12-03 | 2021-08-11 | Advanced Risc Mach Ltd | Bootstrapping with common credential data |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8098818B2 (en) * | 2003-07-07 | 2012-01-17 | Qualcomm Incorporated | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
CN100581104C (zh) * | 2005-01-07 | 2010-01-13 | 华为技术有限公司 | 一种在ip多媒体业务子系统网络中协商密钥的方法 |
CN100550725C (zh) * | 2005-06-17 | 2009-10-14 | 中兴通讯股份有限公司 | 一种用户与应用服务器协商共享密钥的方法 |
US8386782B2 (en) * | 2006-02-02 | 2013-02-26 | Nokia Corporation | Authenticated group key agreement in groups such as ad-hoc scenarios |
CN101087260B (zh) * | 2006-06-05 | 2011-05-04 | 华为技术有限公司 | 基于通用引导构架实现推送功能的方法和设备 |
EP1873668A1 (en) | 2006-06-28 | 2008-01-02 | Nokia Siemens Networks Gmbh & Co. Kg | Integration of device integrity attestation into user authentication |
CN101888626B (zh) * | 2009-05-15 | 2013-09-04 | 中国移动通信集团公司 | 一种实现gba密钥的方法及其终端设备 |
CN102215474B (zh) | 2010-04-12 | 2014-11-05 | 华为技术有限公司 | 对通信设备进行认证的方法和装置 |
US9270672B2 (en) * | 2011-05-26 | 2016-02-23 | Nokia Technologies Oy | Performing a group authentication and key agreement procedure |
-
2012
- 2012-02-02 US US14/375,516 patent/US9654284B2/en active Active
- 2012-02-02 CN CN201280068826.0A patent/CN104145465B/zh not_active Expired - Fee Related
- 2012-02-02 KR KR1020147024523A patent/KR101626453B1/ko active IP Right Grant
- 2012-02-02 EP EP12867499.1A patent/EP2810418B1/en not_active Not-in-force
- 2012-02-02 WO PCT/CN2012/070845 patent/WO2013113162A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
CN104145465B (zh) | 2017-08-29 |
CN104145465A (zh) | 2014-11-12 |
EP2810418A1 (en) | 2014-12-10 |
KR101626453B1 (ko) | 2016-06-01 |
KR20140119802A (ko) | 2014-10-10 |
EP2810418A4 (en) | 2015-10-28 |
WO2013113162A1 (en) | 2013-08-08 |
US20150012744A1 (en) | 2015-01-08 |
US9654284B2 (en) | 2017-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2810418B1 (en) | Group based bootstrapping in machine type communication | |
CN105706390B (zh) | 在无线通信网络中执行设备到设备通信的方法和装置 | |
CN107800539B (zh) | 认证方法、认证装置和认证系统 | |
CN109428874B (zh) | 基于服务化架构的注册方法及装置 | |
EP2039199B1 (en) | User equipment credential system | |
US9705856B2 (en) | Secure session for a group of network nodes | |
US8983066B2 (en) | Private pairwise key management for groups | |
US8559633B2 (en) | Method and device for generating local interface key | |
CN101147377B (zh) | 无线通信的安全自启动 | |
KR101949116B1 (ko) | 3gpp lte에서 모바일 통신 디바이스 간의 근접성 발견, 인증 및 링크 설정 | |
EP3700124B1 (en) | Security authentication method, configuration method, and related device | |
EP3065334A1 (en) | Key configuration method, system and apparatus | |
EP2590356A1 (en) | Method, device and system for authenticating gateway, node and server | |
EP3044973A1 (en) | Methods and systems for communicating with an m2m device | |
CN102318386A (zh) | 向网络的基于服务的认证 | |
US10897707B2 (en) | Methods and apparatus for direct communication key establishment | |
US20150006898A1 (en) | Method For Provisioning Security Credentials In User Equipment For Restrictive Binding | |
CN104955040B (zh) | 一种网络鉴权认证的方法及设备 | |
US20120017080A1 (en) | Method for establishing safe association among wapi stations in ad-hoc network | |
EP3149884B1 (en) | Resource management in a cellular network | |
KR101431214B1 (ko) | 머신 타입 통신에서의 네트워크와의 상호 인증 방법 및 시스템, 키 분배 방법 및 시스템, 및 uicc와 디바이스 쌍 인증 방법 및 시스템 | |
CN107276755B (zh) | 一种安全关联方法、装置及系统 | |
CN117749389A (zh) | 用于获取证书的方法、装置、设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20140902 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
RA4 | Supplementary search report drawn up and despatched (corrected) |
Effective date: 20150924 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/32 20060101ALI20150918BHEP Ipc: H04L 9/08 20060101ALI20150918BHEP Ipc: H04W 12/04 20090101ALI20150918BHEP Ipc: H04W 4/00 20090101ALI20150918BHEP Ipc: H04L 29/06 20060101AFI20150918BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/32 20060101ALI20180424BHEP Ipc: H04L 29/06 20060101AFI20180424BHEP Ipc: H04W 12/04 20090101ALI20180424BHEP Ipc: H04W 4/00 20090101ALI20180424BHEP Ipc: H04L 9/08 20060101ALI20180424BHEP |
|
INTG | Intention to grant announced |
Effective date: 20180528 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: AT Ref legal event code: REF Ref document number: 1063437 Country of ref document: AT Kind code of ref document: T Effective date: 20181115 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602012053327 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20181107 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1063437 Country of ref document: AT Kind code of ref document: T Effective date: 20181107 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190207 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190307 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190207 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20190219 Year of fee payment: 8 Ref country code: GB Payment date: 20190218 Year of fee payment: 8 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190208 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190307 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20190220 Year of fee payment: 8 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602012053327 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
RAP2 | Party data changed (patent owner data changed or rights of a patent transferred) |
Owner name: NOKIA SOLUTIONS AND NETWORKS OY |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
26N | No opposition filed |
Effective date: 20190808 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190202 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20190228 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190228 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190228 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190202 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190228 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190202 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602012053327 Country of ref document: DE |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20200202 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200229 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200901 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20200202 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20120202 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181107 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230527 |